set-cookie标头未在Edge中设置cookie [英] set-cookie header not setting cookie in Edge

问题描述

我正在本地测试一个应用，并且正在向 http://localhost:3000发出授权请求/api/auth/login .在响应中返回带有JWT身份验证令牌的set-cookie标头.JWT看起来像:

I'm testing an app locally and am making an authorization request to http://localhost:3000/api/auth/login. A set-cookie header is returned in the response with a JWT auth token. The JWT looks like:

JWT-TOKEN=[really long alphanumeric string];Version=1;Comment=;Domain=;Path=/;Max-Age=3600;;HttpOnly

此后，我再次请求 http://localhost:3000/api/other/资源 ，并收到未经授权的错误，因为它期望在请求中包含JWT令牌的cookie.

Afterwards, I'm making another request to http://localhost:3000/api/other/resource and am getting an unauthorized error as it's expecting a cookie with the JWT token in the request.

在Firefox，Safari和Chrome中设置了Cookie，但没有设置Edge.Edge开发工具控制台中没有任何错误.为什么不在Edge中设置cookie的任何想法?

The Cookie is being set in Firefox, Safari and Chrome but not Edge. Nothing in the Edge dev tools console that anything went wrong. Any ideas why the cookie is not being set in Edge?

推荐答案

我找到了适合我的情况的答案.

I found an answer that worked in my case.

我们在客户端上使用访存.在某些较旧的浏览器中，本机访存实现将默认为凭据:忽略" ，而较新的浏览器将默认为凭据:"same-origin" .

We were using fetch on the client. In some older browsers, the native fetch implementation would default to credentials: "omit", whereas newer browsers default to credentials: "same-origin".

因此，添加此选项似乎使Edge可以在诸如

As such, adding this option seemed to allow Edge to receive cookies in fetch requests, such as

fetch('/users', {
  credentials: 'same-origin'
})

https://github.com/github/fetch#sending-cookies 以供参考.尽管标题名称相同，但忽略"将同时禁用发送和接收Cookie.

https://github.com/github/fetch#sending-cookies for reference. Despite the name of the heading, "omit" will disable both sending AND receiving cookies.

这篇关于set-cookie标头未在Edge中设置cookie的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！